[00:00:01] Speaker A: IG documentation.
Hello. Thank you for joining us. This is what counts. A podcast created by Trailblazer Consulting. Here we highlight proven solutions developed through our experience working with companies across various industries. And we talk about how you can apply these solutions to your company. We share our experience solving information management challenges, like creating and implementing a records retention schedule, creating an asset data hierarchy, or helping with email management. This is Lee, and in this episode, Maura and I will talk about what an information governance professional should document.
This was a good one, Maura, because we talk about it in a number of episodes. We say, just make sure you document this. Make sure you document that.
What are those things you should be documenting?
[00:00:52] Speaker B: Can I give the classic answer of it depends.
I'm just kidding.
It does depend. But you're right. I do say it. We both say it all the time. And I was thinking about why, because you asked me this question. And I think, for me, it comes out of the tradition and the principles of records management, which is kind of the forerunner of information governance. And the primary purpose of records management is to keep the documentation that demonstrates and provides evidence, the evidentiary material, the evidentiary records of how an organization operates. So its policies, procedures, decision making, authorities, approvals, transactions, the obligations that the organization has to its customers or its shareholders or its stakeholders or its employees, and obligations that are owed to the organization. And all of that originally was captured in actual documents, physical documents. And if you had to prove anything, you had a document that set it, and it followed whatever process that you and your company had created to prove that this was a true document, a true representation of what happened.
And it really comes. It's been at the basis of record keeping for literally millennia, going back to my favorite Sumerians and the clay tablets. I see you laughing, but it's been a while. I have not talked about the clay tablets in a long time.
[00:02:38] Speaker A: That's good. That's good.
[00:02:40] Speaker B: So, for those of you who may not have heard me talk about the clay tablets before, in Samaria, where you had a clay tablet and you needed to document a contract, a transaction that was taking place between two parties, they would fill out the form using cuneiform and a stylus in the clay tablet. They would preserve it, and then they would add another layer of clay, and they would create the same information. They would write the same information on the outside. So it was a check that you couldn't break the outside envelope and change the inside. The two had to match and put.
[00:03:20] Speaker A: That in the cave and store it for later?
[00:03:22] Speaker B: Yes. You would put it in a cave. Caves are very geologically stable. They still are. It's why big storage company use companies started out using salt mines.
Records management is an old, old profession. It has a lot of history to it. I find some of it fascinating. So anyway, the idea of we wrote it down is old. If you look at american history, when America was founded, it was very expensive to write things down. Paper was very expensive. Ink was very expensive. Not everyone could read and write, so you often had to pay someone to actually transcribe the transaction and make sure that all sides agreed that this is what each was going to offer the other one. And so when the federal government was formed, it was illegal to destroy any records because they were so valuable. The federal Records act in the 1930s was actually the first time that you were allowed to destroy records of the federal government. And that's because at that point, it had become cheaper and easier to create them, which means people started creating things that were less valuable. When you have to go skin a sheep and make vellum and get blueberries and make ink or whatever, cut a quill pen, I'm going down a rabbit hole here. But I can see it in your eyes. But the effort that went into creating a document used to be such that you didn't do that as a trivial thing. You did that only for the most important records, the ones that translate into kind of the less than 2% of records that we consider as permanently valuable. In most organizations today, the advent of mass production of paper, printing presses, photocopiers, and then electronic means of copying and distributing information means it's much easier to create less valuable written documents. So we're talking about, what is it important to document? I think we need to go back to those original principles of, we're trying to document the policies, the approvals, the decisions, the transactions, and the obligations of your organization.
So as you're working through your information governance program and you're establishing, what are you going to do?
Usually what we do, what we help our clients do, or what we ask them is, okay, what are the goals that you want to put in place for your IG program? And they are often very similar.
We want to create all the records that we need to run our business. We want to have all the information that we need to make sure we're running our business.
Usually there's some adverbs on there. Running our business safely, effectively, efficiently, to maximize revenue, minimize cost, minimize disruption, minimize errors, those things change from company to company. But the idea of, do we have the information we need that's usually first. The second thing is, okay, do we have the information that we need to show that we're in compliance with any federal, state, or local laws or regulations that apply to our business? So if we're an energy company, we need to comply with environmental regulations, we will need to comply with income tax regulations. We have employees, so we need to comply with the OSHA regulations. So what documents, what records, what data do we need to prove that we are doing those things? Right, so you're documenting those things. Then when it comes time to make harder decisions, like, oh, we have 500,000 boxes in a warehouse.
We're not sure what's in them. We have some ideas of how they got there.
If we're going to inventory those 500,000 boxes, it's going to take five years or it's going to take 25 people to go attack it on a daily basis for six months or something.
We can do the math on how long it's going to take. If you want to actually track down and see every single thing that's in the boxes, is that worth it? Or can we make some high level, risk based decisions of, okay, we know what we sent off site. We know who was authorized to send it off site. We've got our transmittal forms. We have a general idea of what's in each box. We're going to make a decision to keep these boxes for X more years based on our retention schedule. And we understand the risk that we're taking that we may destroy something too soon.
And you want to document that thought process so that you can say, these were the factors we considered. This was a thoughtful decision. This was not a haphazard decision just based on cost cutting. We don't want to pay for storage anymore.
Apply the same thing to old servers or backup tapes where it's actually harder to find out what's on it. And the 500,000 becomes a half a billion different objects out there very easily. Same idea, though.
What security groups were people in? How old is everything?
What would our retention schedule say about these records if we had more detail? Here is our risk based decision of how long we're going to keep these records. And we understand this risk and we're going to document that. So that's the what?
[00:09:11] Speaker A: Yeah, and you're getting to some of the really hard things. In its simplistic form, a records destruction certificate is documenting the fact that you destroyed something. Right. So that's kind of an easier one if you want to put it that way. Right.
You have that we destroyed this according to the retention schedule. We got the certificate and we're going to keep that certificate. Documenting that you have a 90 day email roll off. That's kind of another easy to one too, right? You could put it in a policy or an IT policy or something to that effect. So you're talking about the harder ones, which are, like you said, the ones that, yeah, we got these boxes in storage that nobody knows anything about, and they're from 30 years ago. What do we do with them? How do we make that whole decision? How do we create that package to make that decision? The piece that gets documented and how do we document those, then? I gave simple examples, right, the certificate and the policy. How do we document some of those that you're talking about? The harder ones.
[00:10:21] Speaker B: And that's good segue to where I was going next, because it doesn't have to be a convoluted process to document it.
You can take advantage of things like basically any system that you're going to create has date time stamping available.
You can create an unalterable format, like a PDF format, so that you can say, contemporaneously contemporaneous notes are important, so documented at the time you make the decision, circulate it to the people involved in the decision, make sure that you've captured all the details correctly, capture it as a PDF that can't be changed, and store it in, say, a team site where you're keeping those destruction certificates or those policies or those other decisions that you've made about your information governance program. You can actually send an email to a team site. You don't even have to do it manually. You can just cc the team site on the email and it goes right there. If you have a different content management solution, not a Microsoft Team site, but some other collaboration system or content management solution, create a folder, create a library, create a channel, and just automatically send these documents where you've just written it down. Pretty basic things. Here's the date, here's who was involved. This was the question we were trying to answer. Here are the factors we considered, and here's the decision that we made. So it just. And reference.
We made this decision based on our policies, based on our retention schedule, and based on the information that we could gather about this set of records, given the limitations we had in terms of time or access or something else. So it doesn't have to be a lot. It's a couple paragraphs, it's one page every time, but it's consistent and it is documentation of your thought process and your thought process. Here is how the organization is managing information.
[00:12:23] Speaker A: Good stuff.
[00:12:25] Speaker B: Yep. It sounds so easy when you say it out like that. And then I feel like sometimes people are let down because, oh, we thought this was hard, but it's actually not hard. It's just that it requires discipline to do it every time. And it requires enough detail in the documentation so that a person who wasn't involved in decision, in the decision could look at it and say, okay, that was a reasonable approach that's going to protect you in the event of a litigation or an audit where someone comes back and says, why did you destroy these records? You can show them this and say, here's what we were faced with. Here's what we decided, here's how we did it. And as long as you are consistent and thoughtful, that is usually a good defense.
[00:13:13] Speaker A: Excellent. If you have any questions, please send us an email at
[email protected] or look us up on the web at www.trailblazer.us.com. Thank you for listening and please tune into our next episode. Also, if you like this episode, please be a champion and share it with people in your social media network. As always, we appreciate you the listeners special thanks goes to Jason Blake who created our music.
[00:13:39] Speaker B: Great. Thanks Lee and thanks everyone for listening. Look forward to our next episode.
